Hi All,

One of the most used networking modes when users run containers using the `DockerContainerizer` is docker bridge mode networking. In this mode containers run in an isolated private address space, and services on the container are exposed to the outside world using DNAT.

As we move towards the unified containerizer becoming the de facto container runtime, and users start running their docker containers on the `MesosContainerizer`, the expectation of exposing services running on isolated bridges with DNAT starts becoming a must-have. With the introduction of the `network/cni` isolator we can use CNI plugins to start attaching containers on the `MesosContainerizer` to different types of IP networks. Corresponding to the docker bridge network, CNI has its own bridge plugin; however, unlike docker bridge networking, the CNI bridge plugin does not provide DNAT services to expose containers on a bridge. None of the core CNI plugins provide port mapping functionality, and it is only recently that there seems to be a push for having port mapping functionality in a CNI plugin.

We are therefore proposing implementing a CNI plugin that can set up port mapping rules for different CNI plugins for Mesos. This CNI plugin is generic enough that it can be used in conjunction with any other CNI plugin, such as the bridge plugin. The motivation, design and operational aspects of the plugin have been captured in this document:

https://docs.google.com/document/d/1ZwXZ_utpxmy9vccYiL0q86efgpWpjmmKLQ0S4Mmz9N4/edit?usp=sharing

Would be great if the community can share their feedback on the proposed port mapping CNI plugin.

Thanks,

--
Avinash Sridharan, Mesosphere
+1 (323) 702 5245

